Personalised threat intelligence to be the next frontier in CyberSec

In conversation with Kumar Ritesh, Founder and CEO of Cyfirma, an external threat landscape management company. In an era where cybersecurity challenges continue to escalate, Cyfirma emerges as a formidable force in the realm of digital defense. Cyfirma has pioneered a revolutionary platform that harnesses intelligence from the depths of hackers’ forums, shedding light on covert schemes directed against legitimate enterprises. With an unwavering commitment to countering cybercrime, Cyfirma’s impactful contributions extend to thwarting international cyber-attacks, rendering invaluable support to numerous companies in their unyielding battle against online threats.

Excerpt from an interaction with Mr. Kumar.


Give a brief about the company, its specialization and various services provided by the company?

Mr. Kumar: CYFIRMA is an external threat landscape management platform. We combine cyber intelligence with attack surface discovery and digital risk protection to deliver early warning, personalized, contextual, outside-in, and multi-layered insights. Our cloud-based AI and ML-powered analytics platform provides the hacker’s view with deep insights into the external cyber landscape, helping clients prepare for impending attacks. CYFIRMA is headquartered in Singapore with a presence across APAC, EMEA, and the USA. The company is funded by Goldman Sachs, Zodius Capital, Z3 Partners, NTT Finance, OurCrowd and L&T Innovation Fund.

Please take us through your journey and what inspired you to start the company?

Mr. Kumar: The unabated tide of cyberattacks and data breaches has continued, and in fact, escalated, in recent times. And this is in spite of the vast number of security controls, software, and solutions that are abundantly available in the market.

The threat landscape is fast evolving and cybercriminals are moving quickly to take advantage of global events. The traditional approach to cybersecurity, without quality cyber-intelligence and a comprehensive view of the external threat landscape, has resulted in cyber adversaries gaining the upper hand.

With a wealth of experience of over two decades across various facets of cybersecurity, CYFIRMA Founder & CEO, Kumar Ritesh, had identified important gaps in the global cyber threat intelligence market and set up CYFIRMA to offer the following solutions:

  • Cyber intelligence companies were operational-intelligence-focused. Strategic and management intelligence were being overlooked, and they are equally important to manage evolving cyber threats and risks.
  • The industry has been groomed and coached to pay attention to cybersecurity alerts, incidents and breaches. These are what we refer to as “cyber events” where we react en masse, when an actual cyber incident has already occurred. To effectively reduce the number of cyber intrusions, a radical mindset shift is needed. Cyber threat intelligence and insights should provide proactive cyber posture management by identifying threats at the early planning stage of cyberattacks.
  • To strengthen cyber posture and to effectively prevent data breaches and cyberattacks, companies need to have a complete view of their threat landscape and this means the ability to correlate and attribute hackers to campaigns, motives, and methods. This requires a comprehensive view across attack surfaces, digital risk and cyber-intelligence.

CYFIRMA assists organizations to understand their evolving threat landscape and receive actionable intelligence that is prioritized to help remediate security gaps across people, process and technology. This includes insights on threat actors, threat signals and indicators, new emerging threats and digital risks, situational awareness of global and local cyber events, and applying intelligence to cyber posture management.

Our unique approach of decoding threats for our clients entails that we provide personalized intelligence for every customer to eliminate noise and help optimize resources to focus on what’s critical. Our platform’s predictive capability has resulted in customers avoiding costly financial and reputational impact from cyberattacks.

Company’s vision/mission: how do you aim to achieve your goals?

Mr. Kumar: CYFIRMA’s vision is to help government, businesses and communities decode threats and neutralize cyberattacks using external threat landscape management intelligence so that communities can thrive in the age of digital and AI.

We achieve our goals through our core platform, DeCYFIR, which we bring to both public and private sector customers, helping them monitor their external threat landscape so they are always kept abreast of impending attacks and equipped with the insights to take proactive measures.

What is the USP of the company and what differentiates the company from competitors?

Mr. Kumar:

  • Built the platform with 6 threat views from the ground up. These 6 threat views are Attack Surface Discovery, Vulnerability Intelligence, Brand Intelligence, Digital Risk Monitoring, Situational Awareness and Cyber-Intelligence.
  • Proprietary algorithms that show threat actor attribution, correlating hacker, motive, campaign and method
  • Proprietary IP on how data is collected from dark web, hacker forums, closed forums, language specific forums, and more
  • Best-in-class team spanning across many facets of technology and cybersecurity
  • Strategic alliances with technology vendors including governance, protection, detection, monitoring, orchestration tools and other providers such as OT protection and response.
  • Extensive partnership and alliances with distributors, resellers, MSSPs, GSIs
  • Continual research and innovation

Please brief us about the products/services/solutions you provide to your customers and how they get value out of it 

Mr. Kumar: CYFIRMA is defining a new category in cybersecurity called ‘ETLM’ (external threat landscape management) and has developed the world’s first external threat landscape management platform called DeCYFIR.

DeCYFIR arms governments and businesses with personalized intelligence where insights are tailored to their industry, geography and technology. DeCYFIR provides clients with multi-layered intelligence covering strategic, management and operational insights. DeCYFIR’s ability to combine cyber-intelligence with attack surface discovery, vulnerability intelligence, brand intelligence, situational awareness and digital risk protection on a single pane of glass sets it apart from the competition. Clients receive insights that enable them to conduct effective intelligence hunting and attribution, connecting the dots between hacker, motive, campaign and method to gain a comprehensive view of their threat landscape. With DeCYFIR, clients receive alerts on their third-party risk as well as early warnings of impending cyberattacks so they can act quickly to avoid a breach. DeCYFIR is designed to meet the stringent demands of CISOs, CROs, and Security Operations teams.

The company is also behind the cutting-edge digital risk protection platform, DeTCT. DeTCT helps clients uncover their attack surfaces, know their vulnerabilities, quickly gain awareness of any data breach or leak as well as third-party risk. DeTCT also helps clients protect their brand and reputation by unraveling any copyright infringement and executive impersonation.

One of our largest customers is in the manufacturing industry. We help monitor their external threat landscape across their business units and subsidiaries. This global manufacturer invests heavily in R&D in many domains – including high tech manufacturing, power, industrial, elevators, electronic components, semiconductors, hard disk, facial recognition technology, quantum technology, and many more. They subscribe to the DeCYFIR platform to help them monitor for digital risk and threats ranging from corporate espionage to geopolitical competition. They rely on the early warning capabilities of DeCYFIR to give them deep insights into cyberattacks targeting them so they are armed with actionable intelligence to thwart these attacks.

Another customer, RICONS, one of the leading building and construction companies in Vietnam, has deployed DeCYFIR to help them monitor for third-party risk, ransomware attacks, and emerging cyber threats. Having just been awarded the US$400M contract to build Vietnam’s Terminal 3 of Tan Son Nhat International Airport, the company needed to ensure its suppliers, partners and employees are in full compliance with security policies and standards. DeCYFIR is the 24/7 monitoring platform that will provide RICONS’ leadership team full visibility of their threat landscape and give them immediate alerts should new threats emerge.

How do you plan to revolutionize the Indian/Japan/ASEAN market and what are your plans to tap the market?

Mr. Kumar: Revolutionizing cybersecurity is a complex and ongoing endeavor that requires collaboration, innovation, and a proactive approach to stay ahead of rapidly evolving cyber threats. CYFIRMA’s key strategies to achieve this include:

  1. Shift from Reactive to Proactive Approach: Traditional cybersecurity measures have been reactive, focusing on defending against known threats. A revolution in cybersecurity requires adopting a proactive stance, where organizations actively anticipate and prepare for emerging threats. This involves threat intelligence gathering, risk assessments, and continuous monitoring.
  2. Embrace AI and Machine Learning: Artificial Intelligence (AI) and Machine Learning (ML) technologies have the potential to transform cybersecurity by enhancing threat detection, automating security processes, and analyzing large datasets to identify patterns and anomalies. Integrating AI and ML into security operations can significantly improve response times and accuracy. DeCYFIR’s AI engines and models are designed to help customers predict threats and attacks so they can take timely remedial action.
  3. Zero Trust Approach: Move towards a Zero Trust approach, where trust is never assumed for any user or device inside or outside the network perimeter. This requires continuous monitoring of the threat landscape and understanding the impact across both business and technology domains.
  4. Secure the Supply Chain: Proactive cybersecurity requires not only securing individual organizations but also strengthening the entire supply chain. Threat actors often target third-party vendors and suppliers to gain access to their customers’ networks. We want to ensure our platforms give customers the edge over cyber adversaries by helping them continuously monitor for security risks, ensure security standards are upheld, and regularly monitor third-party vendors’ cybersecurity practices.
  5. User Education and Awareness: Social engineering tactics like phishing and, most recently, deepfakes have been used by cybercriminals to lure employees and consumers. Instead of letting employees and users become the weakest link in cybersecurity, we want to have our platforms guide our customers in investing in comprehensive cybersecurity training and awareness programs for all staff, from executives to end-users.
  6. Collaboration and Information Sharing: Foster collaboration between organizations, industries, and even governments to share threat intelligence and best practices. By sharing information about new threats and attacks, the cybersecurity community can collectively respond more effectively.
  7. Integrated Security Solutions: Move away from a siloed approach to cybersecurity and integrate security solutions across the entire IT infrastructure. A unified and integrated security ecosystem allows for better visibility, faster response times, and more efficient threat management. We plan to build a rich and comprehensive ecosystem where intelligence provided by CYFIRMA’s core platform, DeCYFIR, would be embedded across security controls, and insights would be harnessed across people, process and technology to strengthen overall cyber posture.
  8. Regulatory Frameworks: Advocate for robust cybersecurity regulations and standards to establish a baseline for security practices across industries. Effective regulations can drive organizations to prioritize cybersecurity and protect both themselves and their customers.
  9. Continuous Innovation: Cyber threats will continue to evolve, so it’s crucial to continuously innovate and stay abreast of emerging technologies and tactics. We will continue to invest in research and development to create breakthrough security solutions that anticipate future threats.

Revolutionizing cybersecurity is a continuous journey, and it requires the combined efforts of governments, businesses, cybersecurity professionals, researchers, and the public to build a safer digital ecosystem, and we work across all stakeholders to ensure we continue to lead the industry with our unique external threat landscape management (ETLM) approach. 

Financial milestones that CYFIRMA wants to achieve in the next 6/12 months like funding.

Mr. Kumar: Cyfirma has raised close to $18-20 million in funding to date.

We raised our seed fund and Series A a few years back and we have used the fund to expand our engineering resource to build our products and support our expansion.

We are raising funds to support our expansion plans and drive even more innovation across our products. The new funds will be used, broadly in 2 ways, to grow our sales and marketing teams and build a wider ecosystem to accelerate our go-to-market strategy, and to continue to drive innovation across our platforms.

What are your growth plans for the next 12 months?

Mr. Kumar: We are now at a stage where we are ready to expand geographically into all key markets. The new funds will be used, broadly in 2 ways, to grow our sales and marketing teams and build a wider ecosystem so we can go to market faster, and to continue to drive innovation across our platforms by ensuring our AI technology remains cutting edge, adding more features and functions that would help our clients get the insights and intel needed to stay ahead of cyberthreats. The goal would always be to ensure customers consistently obtain the best value from their investment in our platforms.